📣 New Release: Splunk Enterprise Security 7.1 #39
ZachTheSplunker announced in Announcements
-
😍 that Threat Topology!!!!
-
Highlighted Features of this Release
Splunkbase: https://splunkbase.splunk.com/app/263
Threat Topology
See the scope of the incident beyond the infected user, providing improved situational awareness, an expanded viewpoint, and a comprehensive view across the SOC team.
MITRE ATT&CK Framework Matrix
Security analysts can quickly build situational awareness around an incident in the context of the MITRE ATT&CK Matrix and pivot directly to associated MITRE documentation.
Normalized Risk Object field
Previously, risk-based alerting (RBA) did not account for Assets & Identities (A&I). Risk events were grouped strictly by Risk Object, so risk events with different risk object values were never grouped together, even when those values referred to the same Asset or Identity.
There is now a normalized_risk_object field in the Risk Data Model, which accounts for A&I data. Risk notables are grouped by this field, allowing risk objects to be associated with an Asset or Identity. Find out more on Splunk Docs.
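To make the grouping change concrete, here is an added Python simulation of what A&I normalization does to risk aggregation. It is not Splunk's own code and does not use Splunk's implementation of normalized_risk_object; the identity and asset lookup tables, the risk events, the hostnames and the usernames are all constructed for the example, and normalize_risk_object is a hypothetical stand-in for the resolution that A&I performs. The same six risk events are aggregated once by the raw risk_object value and once by the normalized value, and a simple "score over threshold" rule is applied to both so the difference in which objects would surface as a risk notable is visible.

```python
from collections import defaultdict

# Constructed Assets & Identities (A&I) lookup. Each identity record lists the
# aliases (short name, email, DOMAIN\user) that all refer to the same person.
# Every name here is made up for the example.
IDENTITIES = [
    {"identity": "jsmith", "aliases": ["jsmith", "jsmith@corp.example", "CORP\\jsmith"]},
    {"identity": "akhan", "aliases": ["akhan", "akhan@corp.example"]},
]

# Constructed assets lookup: short hostname, FQDN and IP of the same machine.
ASSETS = [
    {"asset": "ws-1042.corp.example", "aliases": ["ws-1042", "ws-1042.corp.example", "10.20.30.42"]},
]


def build_alias_map(records, key):
    """Map every alias (case-insensitively) to the record's canonical value."""
    alias_map = {}
    for rec in records:
        for alias in rec["aliases"]:
            alias_map[alias.lower()] = rec[key]
    return alias_map


USER_ALIASES = build_alias_map(IDENTITIES, "identity")
SYSTEM_ALIASES = build_alias_map(ASSETS, "asset")


def normalize_risk_object(risk_object, risk_object_type):
    """Hypothetical normalization (assumption, not Splunk's implementation):
    resolve a risk_object through the alias map for its type. Objects that
    match no asset or identity fall back to the lower-cased raw value, so
    unattributed events still group with themselves."""
    table = USER_ALIASES if risk_object_type == "user" else SYSTEM_ALIASES
    return table.get(risk_object.lower(), risk_object.lower())


def aggregate_risk(events, key_fn):
    """Sum risk_score and collect distinct search_names per grouping key."""
    totals = defaultdict(lambda: {"risk_score": 0, "sources": set()})
    for ev in events:
        k = key_fn(ev)
        totals[k]["risk_score"] += ev["risk_score"]
        totals[k]["sources"].add(ev["search_name"])
    return dict(totals)


# Constructed risk events, modelled on the fields a risk index entry carries
# (risk_object, risk_object_type, risk_score, search_name). Three events refer
# to the same user and two to the same workstation under different names.
RISK_EVENTS = [
    {"risk_object": "jsmith", "risk_object_type": "user", "risk_score": 20, "search_name": "RR - Suspicious PowerShell"},
    {"risk_object": "jsmith@corp.example", "risk_object_type": "user", "risk_score": 30, "search_name": "RR - Phishing Link Click"},
    {"risk_object": "CORP\\jsmith", "risk_object_type": "user", "risk_score": 25, "search_name": "RR - New Admin Logon"},
    {"risk_object": "ws-1042", "risk_object_type": "system", "risk_score": 40, "search_name": "RR - LSASS Access"},
    {"risk_object": "10.20.30.42", "risk_object_type": "system", "risk_score": 35, "search_name": "RR - C2 Beacon"},
    {"risk_object": "akhan", "risk_object_type": "user", "risk_score": 10, "search_name": "RR - Suspicious PowerShell"},
]


def group_by_raw_risk_object(events=RISK_EVENTS):
    """The pre-7.1 behaviour described above: group strictly by risk_object."""
    return aggregate_risk(events, lambda ev: ev["risk_object"])


def group_by_normalized_risk_object(events=RISK_EVENTS):
    """Group by the A&I-resolved value instead of the raw risk_object."""
    return aggregate_risk(
        events, lambda ev: normalize_risk_object(ev["risk_object"], ev["risk_object_type"])
    )


def objects_over_threshold(groups, threshold):
    """Keys whose aggregated score reaches the threshold, in the style of a
    'risk score exceeds N' risk-notable rule."""
    return sorted(k for k, v in groups.items() if v["risk_score"] >= threshold)


if __name__ == "__main__":
    raw = group_by_raw_risk_object()
    norm = group_by_normalized_risk_object()
    print("raw grouping:", {k: v["risk_score"] for k, v in raw.items()})
    print("normalized grouping:", {k: v["risk_score"] for k, v in norm.items()})
    print("over 60 (raw):", objects_over_threshold(raw, 60))
    print("over 60 (normalized):", objects_over_threshold(norm, 60))
```

With raw grouping, none of the six objects reaches a score of 60, so nothing fires; with normalized grouping, jsmith and ws-1042.corp.example each aggregate to 75 across three and two risk rules respectively, which is exactly the cross-alias accumulation the new field is meant to surface. The fallback for unknown objects matters in practice: a risk object that A&I cannot resolve must still be groupable, or events against unmanaged assets would silently vanish from risk notables.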
Release notes
See all the release notes at https://docs.splunk.com/Documentation/ES/7.1.0/RN/Enhancements